-
-
Notifications
You must be signed in to change notification settings - Fork 203
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Url parameter secrets are not sanitized by default in ASP.NET #3374
Comments
Thanks for reaching out. That does sound like something that we probably should not do. Let me get back to you. |
It looks like we have something to redact PII but nothing for secrets or sensitive information more generally: sentry-dotnet/src/Sentry/SentryClient.cs Lines 167 to 170 in c96e3ef
If we did add something more generic to redact sensitive information, it would have to be flexible/configurable, as the kinds of things that indicate whether something is sensitive or not would definitely be cultural specific and likely domain specific as well. Possibly something like |
I really like this idea. Let me check with the other SDKs if they have something like that in place. |
I found an |
Looks like that scrubs everything. I can't see any reference to this in the Developer Docs but we could just mimic the behaviour of the Python SDK. |
Package
Sentry
.NET Flavor
.NET
.NET Version
8.0.0
OS
Any (not platform specific)
SDK Version
4.6.2
Self-Hosted Sentry Version
No response
Steps to Reproduce
secret
Expected Result
Url parameter would be masked (like with user ids).
Actual Result
Url parameter is not masked and full unmasked path is send to Sentry.
The text was updated successfully, but these errors were encountered: